From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 20 Jun 2012 17:48:59 +0200
Subject: [refpolicy] [PATCH 1/2] Mark wpa_cli as a commandline utility
 for admins
In-Reply-To: <1338213273.15707.8.camel@x220.mydomain.internal>
References: <20120528102102.GA10112@siphos.be>
	<20120528102204.GB10112@siphos.be>
	<1338213273.15707.8.camel@x220.mydomain.internal>
Message-ID: <20120620154831.GA7987@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, May 28, 2012 at 03:54:33PM +0200, Dominick Grift wrote:
> On Mon, 2012-05-28 at 12:22 +0200, Sven Vermeulen wrote:
> 
> > +/var/run/wpa_cli-.*		--	gen_context(system_u:object_r:wpa_cli_var_run_t,s0)
> 
> This applies to files only (--). However there are also dirs and
> sock_files labeled wpi_cli_var_run_t. The context of those objects will
> not be restored as per above file context specification.

Hmm, on my system, it is only PID files directly in /var/run.

The socket is stored in /tmp (but is written/managed by wpa_supplicant, not
wpa_cli).

I'll incorporate the other changes in the next try; if you know of any other
locations (fc's) that I need to add in case of Fedora (or other systems),
let me know and I'll add them in.

Wkr,
	Sven Vermeulen